2871 matches found
CVE-2023-6252 Path traversal vulnerability in Chameleon Power products
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files...
OpenCart Authorization Issues Vulnerability (CNVD-2024-30067)
OpenCart is an open source e-commerce system from the OpenCart team in Hong Kong, China. The system provides product reviews, product ratings, product additions and other modules. OpenCart suffers from an authorization issue vulnerability that arises from allowing a back-end user with...
VulnCheck KEV: CVE-2021-46442
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
Chef InSpec Code Injection Vulnerability
Chef Software Chef InSpec is an open source automated testing and compliance checking framework from Chef Software designed to help developers and operations teams write, run, and maintain automated test scripts to validate the compliance and security of applications and infrastructure. A securit...
Directory traversal
ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...
Path Traversal
coderedcms is vulnerable to Path Traversal. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Wagtail CRX CodeRed Extensions server. The request would contain a specially crafted path that would cause the server to serve the attacker a file...
Trane Tracer SC Sensitive Information Disclosure (CVE-2016-0870)
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
RLSA-2023:4347 Moderate: libeconf security update
Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it. Security Fixes: libeconf: stack-based buffer overflow in readfile in...
libeconf security update
An update is available for libeconf. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libeconf is a highly flexible and configurable library to parse and manage...
Path traversal
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files o...
PT-2023-25768 · Unknown · Aqua Drive
Name of the Vulnerable Software and Affected Versions: Aqua Drive version 2.4 Description: The issue allows an authenticated non-privileged user to access or modify stored resources of other users through a relative path traversal vulnerability. It could also be possible to access and modify the...
SUSE-RU-2023:3956-1 Recommended update for mariadb104
This update for mariadb104 fixes the following issues: - Implement version 10.4 of MariaDB jscPED-2455: It is possible to use more than one authentication plugin for each user account. The root user account is being created with the ability to use two authentication plugins. All user accounts,...
CVE-2023-42771
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files...
Sprecher Automation SPRECON-E Improper Neutralization of Special Elements used in a Command (CVE-2020-11496)
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...
pretix potential IP address spoofing vulnerability
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...
CVE-2023-44463
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...
PYSEC-2023-187
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...
CVE-2023-44463
CVE-2023-44463 affects pretix versions before 2023.7.1. The issue arises from incorrect parsing of configuration files, causing the application to trust unchecked X-Forwarded-For headers even when not configured to do so. This can enable IP address spoofing by users of the application and may aff...
CVE-2023-44463
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...
CVE-2023-44463
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...